Is there a way to “autosign” commits in Git with a GPG key?

Question

Is there an easy way to make Git always signs each commit or tag that is created?

I tried it with something like:

alias commit = commit -S

But th

Answer 1

You need to make clear that if you sign a commit or tag, that you do not mean that you approve the whole history. In case of commits you only sign the change at hand, and in case of tag, well.. you need to define what you mean with it. You might have pulled a change which claims it is from you but was not (because somebody else pushed it to your remote). Or it is a change you dont want to be in, but you just signed the tag.

In typical OSS projects this might be less common, but in a enterprise scenario where you only touch code every now and then and you don't read the whole history it might get unnoticed.

Signing commits is a problem if they will get rebased or cherry-picked to other parents. But it would be good if a modified commit could point to the "original" commit which actually verifies.